ensure quorum is set false when corosync fails

If corosync directly fails (i.e. `killall corosync`) the local node
acted like it had still quorum, which is not ideal.

Ensure that we set quorate to false before we finalize the quorum.

Do this in:

* service_quorum_dispatch, if it fails it is important that we set
it to false, as there is a good possibility that the
quorum_notification_fn won't get called anymore, reproducible with
$ killall corosync && sleep 0.1 && ls -l /etc/pve/ \
  && systemctl start corosync
Expected behavior: corosync is dead, the ls should show that
everything in /etc/pve is read only
Shown: behavior: /etc/pve still has read/write access and
PVE::Cluster::check_cfs_quorum() still returns true

* service_quorum_initialize: just to be sure as we successfully
  registered the quorum notification function already

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/src/quorum.c b/data/src/quorum.c
index 1c258db04827e81e7fa2d51570d2838295c0e8d1..d9afc1d4b0c88f110d020baac637f13401648efc 100644 (file)
--- a/data/src/quorum.c
+++ b/data/src/quorum.c
@@ -146,6 +146,7 @@ static int service_quorum_initialize(
        return quorum_fd;
 
  err_finalize:
+       cfs_set_quorate(0, FALSE);
        quorum_finalize(handle);
  err_reset_handle:
        private->handle = 0;
@@ -181,6 +182,7 @@ loop:
 
        cfs_critical("quorum_dispatch failed: %d", result);
 
+       cfs_set_quorate(0, FALSE);
        quorum_finalize(handle);
        private->handle = 0;
        return FALSE;